<?php if(!defined('BASEPATH')) exit('No direct script access allowed');

class account
{//Role = 1: User bình thường; Role = 99: Role = 77: Master; Admin; Status = 1: Mới tạo; Status = 2: Đã active; Status = 0: Đã khóa;
	var $CI; var $db = 'lp_account';
	public function checkCookie()
	{
		$this->CI=&get_instance();
		if(isset($_COOKIE['un'])&&($_COOKIE['un']!=""))
		{
			if($this->CI->input->cookie('un',TRUE)!=$this->CI->input->cookie('un'))
			{
				delete_cookie("un");delete_cookie("bm");delete_cookie("lg");delete_cookie("rl");
				return FALSE;
			}
		}
		if(isset($_COOKIE['bm'])&&($_COOKIE['bm']!=""))
		{
			if($this->CI->input->cookie('bm',TRUE)!='lOcPhUsOlUtIoNs')
			{
				delete_cookie("un");delete_cookie("bm");delete_cookie("lg");delete_cookie("rl");
				return FALSE;
			}
		}
		if(isset($_COOKIE['lg'])&&($_COOKIE['lg']!=""))
		{
			if($this->CI->input->cookie('lg',TRUE)!=TRUE)
			{
				delete_cookie("un");delete_cookie("bm");delete_cookie("lg");delete_cookie("rl");
				return FALSE;
			}
		}
		if(isset($_COOKIE['rl'])&&($_COOKIE['rl']!=""))
		{
			$str = $this->CI->input->cookie('rl',TRUE);
			settype($str,'int');
			if(($str!=1)&&($str!=77)&&($str!=99))
			{
				delete_cookie("un");delete_cookie("bm");delete_cookie("lg");delete_cookie("rl");
				return FALSE;
			}
		}
		return TRUE;
	}
	public function checkSession()
	{
		$this->CI=&get_instance();
		$arr = $this->CI->session->all_userdata();
		if(isset($arr['un']))
		{
			$str = $this->CI->security->xss_clean($arr['un']);
			if($str!=$arr['un'])
			{
				$this->CI->session->sess_destroy();
				return FALSE;
			}
		}
		if(isset($arr['bm']))
		{
			$str = $this->CI->security->xss_clean($arr['bm']);
			if($str!='lOcPhUsOlUtIoNs')
			{
				$this->CI->session->sess_destroy();
				return FALSE;
			}
		}
		if(isset($arr['lg']))
		{
			$str = $this->CI->security->xss_clean($arr['lg']);
			if($str!=TRUE)
			{
				$this->CI->session->sess_destroy();
				return FALSE;
			}
		}
		if(isset($arr['rl']))
		{
			$str = $this->CI->security->xss_clean($arr['rl']);
			settype($str,'int');
			if(($str!=1)&&($str!=77)&&($str!=99))
			{
				$this->CI->session->sess_destroy();
				return FALSE;
			}
		}
		return TRUE;
	}
	public function checkInput($arr)
	{
		$this->CI=&get_instance();
		if(is_array($arr))
		{
			if(isset($arr['username']))
			{
				$str = $this->CI->security->xss_clean($arr['username']);
				if($str!=$arr['username']) return FALSE;
			}
			if(isset($arr['password']))
			{
				$str = $this->CI->security->xss_clean($arr['password']);
				if($str!=$arr['password']) return FALSE;
			}
			if(isset($arr['email']))
			{
				$str = $this->CI->security->xss_clean($arr['email']);
				if($str!=$arr['email']) return FALSE;
			}
			if(isset($arr['sex']))
			{
				$str = $this->CI->security->xss_clean($arr['sex']);
				if($str!=$arr['sex']) return FALSE;
				if(!is_numeric($str)) return FALSE;
			}
			if(isset($arr['birthday']))
			{
				$str = $this->CI->security->xss_clean($arr['birthday']);
				if($str!=$arr['birthday']) return FALSE;
			}
			if(isset($arr['fullname']))
			{
				$str = $this->CI->security->xss_clean($arr['fullname']);
				if($str!=$arr['fullname']) return FALSE;
			}
			if(isset($arr['phone']))
			{
				$str = $this->CI->security->xss_clean($arr['phone']);
				if($str!=$arr['phone']) return FALSE;
			}
			if(isset($arr['address']))
			{
				$str = $this->CI->security->xss_clean($arr['address']);
				if($str!=$arr['address']) return FALSE;
			}
			if(isset($arr['city']))
			{
				$str = $this->CI->security->xss_clean($arr['city']);
				if($str!=$arr['city']) return FALSE;
			}
			if(isset($arr['country']))
			{
				$str = $this->CI->security->xss_clean($arr['country']);
				if($str!=$arr['country']) return FALSE;
			}
			if(isset($arr['createdate']))
			{
				$str = $this->CI->security->xss_clean($arr['createdate']);
				if($str!=$arr['createdate']) return FALSE;
			}
			if(isset($arr['activedate']))
			{
				$str = $this->CI->security->xss_clean($arr['activedate']);
				if($str!=$arr['activedate']) return FALSE;
			}
			if(isset($arr['role']))
			{
				$str = $this->CI->security->xss_clean($arr['role']);
				if($str!=$arr['role']) return FALSE;
				if(!is_numeric($str)) return FALSE;
			}
			if(isset($arr['status']))
			{
				$str = $this->CI->security->xss_clean($arr['status']);
				if($str!=$arr['status']) return FALSE;
				if(!is_numeric($str)) return FALSE;
			}
			if(isset($arr['mahoa']))
			{
				$str = $this->CI->security->xss_clean($arr['mahoa']);
				if($str!=$arr['mahoa']) return FALSE;
			}
			return TRUE;
		}
		return FALSE;
	}
	public function checkUsername($arr)
	{
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{
			if(isset($arr['username'])&&($arr['username']!=NULL))
			{
				$query=$this->CI->db->query('SELECT status FROM '.$this->db.' WHERE username = ?',array($arr['username']));
				$chk=$query->num_rows();
				if($query->num_rows()>0)
				{
					return TRUE;
				}
			}
		}
		return FALSE;
	}
	public function checkStatus($arr)
	{//2:Đã kích hoạt; 1:Chưa kích hoạt; 0:Khóa; -3:Chưa tạo; -2:XSS
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{
			if($this->checkUsername($arr))
			{
				$query=$this->CI->db->query('SELECT status FROM '.$this->db.' WHERE username = ?',array($arr['username']));
				$chk=$query->num_rows();
				if($query->num_rows()>0)
				{
					return $query->row()->status;
				}
				else return -1;
			}
			else return -3;
		}
		else return -2;
	}
	public function create($arr,$type='basic')
	{//1: Thành công; -1: Type không đúng; -2:XSS; -3: Username đã tồn tại; -4: Dữ liệu đưa vào không đủ; -5: Lỗi insert database
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{
			if(!$this->checkUsername($arr))
			{
				$this->CI->load->helper('string');
				if($type=='basic')
				{
					if((isset($arr['username']))&&($arr['username']!=NULL)&&(isset($arr['password']))&&($arr['password']!=NULL)&&(isset($arr['email']))&&($arr['email']!=NULL))
					{
						$this->CI->db->query("INSERT INTO ".$this->db."(username, password, email, createdate, role, status, mahoa) VALUES (?, ?, ?, ?, ?, ?, ?)",array($arr['username'],md5($arr['password']),$arr['email'],date("Y-m-d"),1,1,random_string('sha1', 16)));
						return 1;
					}
					else return -4;
				}
				elseif($type=='full')
				{
					if((isset($arr['username']))&&($arr['username']!=NULL)&&(isset($arr['password']))&&($arr['password']!=NULL)&&(isset($arr['email']))&&($arr['email']!=NULL)&&(isset($arr['sex']))&&(isset($arr['birthday']))&&(isset($arr['fullname']))&&(isset($arr['phone']))&&(isset($arr['address']))&&(isset($arr['city']))&&(isset($arr['country'])))
					{
						$this->CI->db->query("INSERT INTO ".$this->db." VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",array($arr['username'],md5($arr['password']),$arr['email'],$arr['sex'],$arr['birthday'],$arr['fullname'],$arr['phone'],$arr['address'],$arr['city'],$arr['country'],date("Y-m-d"),NULL,1,1,random_string('sha1', 16)));
						return 1;
					}
					else return -4;
				}
				elseif($type=='admin')
				{
					if((isset($arr['username']))&&($arr['username']!=NULL)&&(isset($arr['password']))&&($arr['password']!=NULL)&&(isset($arr['email']))&&($arr['email']!=NULL))
					{
						$this->CI->db->query("INSERT INTO ".$this->db."(username, password, email, createdate, role, status) VALUES (?, ?, ?, ?, ?, ?)",array($arr['username'],md5($arr['password']),$arr['email'],date("Y-m-d"),99,2));
						return 1;
					}
					else return -4;
				}
				else return -1;
			}
			else return -3;
		}
		else return -2;
	}
	public function update($arr)
	{//1: Thành công; -2:XSS; -3: Username không tồn tại; -4: Dữ liệu đưa vào không đủ; -5: Lỗi update database
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{
			if($this->checkUsername($arr))
			{
				if((isset($arr['username']))&&($arr['username']!=NULL)&&(isset($arr['email']))&&($arr['email']!=NULL)&&(isset($arr['sex']))&&(isset($arr['birthday']))&&(isset($arr['fullname']))&&(isset($arr['phone']))&&(isset($arr['address']))&&(isset($arr['city']))&&(isset($arr['country'])))
				{
					$this->CI->db->query("UPDATE ".$this->db." SET sex = ?, birthday = ?, fullname = ?, phone = ?, address = ?, city = ?, country = ? WHERE username = ? AND email = ?",array($arr['sex'],$arr['birthday'],$arr['fullname'],$arr['phone'],$arr['address'],$arr['city'],$arr['country'],$arr['username'],$arr['email']));
					$query = $this->CI->db->query("SELECT status FROM ".$this->db." WHERE sex = ? AND birthday = ? AND fullname = ? AND phone = ? AND address = ? AND city = ? AND country = ? AND username = ? AND email = ?",array($arr['sex'],$arr['birthday'],$arr['fullname'],$arr['phone'],$arr['address'],$arr['city'],$arr['country'],$arr['username'],$arr['email']));
					if($query->num_rows()>0) return 1;
					return -5;
				}
				else return -4;
			}
			else return -3;
		}
		else return -2;
	}
	public function active($arr)
	{//1: Thành công; -2:XSS; -3: Username không tồn tại; -4: Dữ liệu đưa vào không đủ; -5: Lỗi update database; -6: Tài khoản da bi khoa hoac da kich hoat; -7: không đúng mahoa;
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{
			if($this->checkUsername($arr))
			{
				$chk = $this->checkStatus($arr);
				if($chk==1)
				{
					if(isset($arr['mahoa'])&&($arr['mahoa']!=NULL))
					{
						$query = $this->CI->db->query("SELECT role FROM ".$this->db." WHERE username = ? AND status = 1 AND mahoa = ?",array($arr['username'],$arr['mahoa']));
						if($query->num_rows()>0)
						{
							$this->CI->db->query("UPDATE ".$this->db." SET status = 2, activedate = ? WHERE username = ? AND mahoa = ?",array(date('Y-m-d'),$arr['username'],$arr['mahoa']));
							$query = $this->CI->db->query("SELECT role FROM ".$this->db." WHERE username = ? AND status = 2 AND mahoa = ?",array($arr['username'],$arr['mahoa']));
							if($query->num_rows()>0) return 1; return -5;
						}
						else return -7;
					}
					else return -4;
				}
				else return -6;
			}
			else return -3;
		}
		else return -2;
	}
	public function login($arr,$remember=FALSE,$baomat='lOcPhUsOlUtIoNs')
	{//1: Thành công; -2:XSS; -3: Username không tồn tại; -4: password ko đúng; -6: role ko tồn tại; -7: Tình trạng tài khoản không được active;
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{
			if($this->checkUsername($arr))
			{
				if(isset($arr['password'])&&($arr['password']!=NULL))
				{
					$status = $this->checkStatus($arr);
					if($status==2)
					{
						$query = $this->CI->db->query("SELECT role FROM ".$this->db." WHERE username = ? AND status = 2 AND password = ?",array($arr['username'],md5($arr['password'])));
						if($query->num_rows()>0)
						{
							$role = $query->row()->role;
							if(($role==1)||($role==77)||($role==99))
							{
								$arrUser = array('un'=>$arr['username'],'bm'=>$baomat,'lg'=>TRUE,'rl'=>$role);
								if($remember)
								{
									$un = array(
										'name'   => 'un',
										'value'  => $arrUser['un'],
										'expire' => '1296000'
									);
									$this->CI->input->set_cookie($un);
									$bm = array(
										'name'   => 'bm',
										'value'  => $arrUser['bm'],
										'expire' => '1296000'
									);
									$this->CI->input->set_cookie($bm);
									$lg = array(
										'name'   => 'lg',
										'value'  => $arrUser['lg'],
										'expire' => '1296000'
									);
									$this->CI->input->set_cookie($lg);
									$rl = array(
										'name'   => 'rl',
										'value'  => $arrUser['rl'],
										'expire' => '1296000'
									);
									$this->CI->input->set_cookie($rl);
								}
								$this->CI->session->set_userdata($arrUser);
								return 1;
							}
							else return -4;
						}
						else return -6;
					}
					else return -7;
				}
				else return -4;
			}
			else return -3;
		}
		else return -2;
	}
	public function checkLogin()
	{//1: Session; 2: Cookie; 0: Khong ton tai session hoac cookie; -1: XSS; -2: role ko dung
		$this->CI=&get_instance();
		$arr = array();
		if(isset($_COOKIE['un'])&&isset($_COOKIE['lg'])&&isset($_COOKIE['bm'])&&isset($_COOKIE['rl']))
		{
			if($this->checkCookie())
			{
				$arr['username'] = $this->CI->input->cookie('un',TRUE);
				$arr['role'] = $this->CI->input->cookie('rl',TRUE);
				$query = $this->CI->db->query('SELECT email FROM '.$this->db.' WHERE username = ? AND status = 2 AND role = ?',array($arr['username'],$arr['role']));
				if($query->num_rows()>0)
				{
					return 2;
				}
				else return -2;
			}
			else
			{
				$this->logout();
				return -1;
			}
		}
		elseif(($this->CI->session->userdata('un')!=NULL)&&($this->CI->session->userdata('lg')!=NULL)&&($this->CI->session->userdata('bm')!=NULL)&&($this->CI->session->userdata('rl')!=NULL))
		{
			if($this->checkSession())
			{
				$arr['username'] = $this->CI->session->userdata('un',TRUE);
				$arr['role'] = $this->CI->session->userdata('rl',TRUE);
				$query = $this->CI->db->query('SELECT email FROM '.$this->db.' WHERE username = ? AND status = 2 AND role = ?',array($arr['username'],$arr['role']));
				if($query->num_rows()>0)
				{
					return 1;
				}
				else return -2;
			}
			else
			{
				$this->logout();
				return -1;
			}
		}
		else return 0;
	}
	public function logout()
	{
		$this->CI=&get_instance();
		delete_cookie("un");delete_cookie("bm");delete_cookie("lg");delete_cookie("rl");
		$this->CI->session->sess_destroy();
	}
	public function updateRole($arr)
	{//-1: Khong co quyen cap nhat; -2: Ko co login;
		$this->CI=&get_instance();
		$chk = $this->checkLogin();
		if($chk==1)
		{
			$role = $this->CI->session->userdata('rl',TRUE);
		}
		elseif($chk==2)
		{
			$role = $this->CI->input->cookie('rl',TRUE);
		}
		else return -2;
		if(is_numeric($role)) settype($role,'int');
		if($role==77)
		{
			$this->checkUsername($arr);
			$this->CI->db->query("UPDATE ".$this->db.' SET role = ? WHERE username = ?',array($arr['role'],$arr['username']));
			return 1;
		}
		else return -1;
	}
	public function updateStatus()
	{//1: Thành công; -2:XSS; -3: Username không tồn tại; -4: Dữ liệu đưa vào không đủ; -5: Lỗi update database;
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{
			if($this->checkUsername($arr))
			{
				if(isset($arr['status'])&&($arr['status']!=NULL))
				{
					$this->CI->db->query("UPDATE ".$this->db." SET status = ? WHERE username = ?",array($arr['status'],$arr['username']));
					$query = $this->CI->db->query("SELECT role FROM ".$this->db." WHERE username = ? AND status = ?",array($arr['username'],$arr['status']));
					if($query->num_rows()>0) return 1; return -5;
				}
				else return -4;
			}
			else return -3;
		}
		else return -2;
	}
	public function getaccountbyrole($role)
	{
		$query = $this->CI->db->query('SELECT username, role FROM lp_account WHERE role = 1 OR role = 99');
		return $query->result();
	}
	public function changepassword($arr)
	{
		$this->CI=&get_instance();
		if($this->checkInput($arr))
		{//1: Thành công; -2:XSS; -3: Username không tồn tại; -4: Dữ liệu đưa vào không đủ; -5: Lỗi update database;
			if($this->checkUsername($arr))
			{
				if(isset($arr['password'])&&($arr['password']!=NULL))
				{
					$this->CI->db->query("UPDATE ".$this->db." SET password = ? WHERE username = ?",array(md5($arr['password']),$arr['username']));
					$query = $this->CI->db->query("SELECT role FROM ".$this->db." WHERE username = ? AND password = ?",array($arr['username'],md5($arr['password'])));
					if($query->num_rows()>0) return 1; return -5;
				}
				else return -4;
			}
			else return -3;
		}
		else return -2;
	}
}